USN-2114-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2114-1

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.10

Summary

Several security issues were fixed in the kernel.

Software description

linux
- Linux kernel

Details

Vasily Kulikov reported a flaw in the Linux kernel's implementation ofptrace. An unprivileged local user could exploit this flaw to obtainsensitive information from kernel memory. (CVE-2013-2929)

A flaw in the handling of memory regions of the kernel virtual machine(KVM) subsystem was discovered. A local user with the ability to assign adevice could exploit this flaw to cause a denial of service (memoryconsumption). (CVE-2013-4592)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel'sdebugfs filesystem. An administrative local user could exploit this flaw tocause a denial of service (OOPS). (CVE-2013-6378)

Nico Golde and Fabian Yamaguchi reported a flaw in the driver for AdaptecAACRAID scsi raid devices in the Linux kernel. A local user could use thisflaw to cause a denial of service or possibly other unspecified impact.(CVE-2013-6380)

Update instructions

The problem can be corrected by updating your system to the following
package version:

After a standard system update you need to reboot your computer to makeall the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed. Ifyou use linux-restricted-modules, you have to update that package aswell to get modules which work with the new kernel version. Unless youmanually uninstalled the standard kernel metapackages (e.g. linux-generic,linux-server, linux-powerpc), a standard system upgrade will automaticallyperform this as well.